Skip to main content
close search
site logo
Dive Brief

Philips, DHS flag cyber vulnerability in EKG analysis software

Published July 15, 2019
Maria Rachal's headshot
Maria Rachal Editor
Philips

Dive Brief:

  • Highly skilled, unauthorized users may be able to enable unpurchased system options in a 12-lead electrocardiogram analysis software program made by Philips, according to a cybersecurity advisory Thursday.
  • The alert, issued by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said all versions of the Philips Holter 2010 Plus are affected. The organization rated the vulnerability as having relatively low severity.
  • Philips faced another ICS-CERT call-out in May, when the DHS division flagged an issue with an electronic medical record product that could allow a hacker to compromise patient confidentiality.

Dive Insight:

While the potential for patient harm from this particular Philips cybersecurity issue is not high, it's still part of a trend of discoveries of medical device weaknesses. FDA's Patient Engagement Advisory Committee will meet Sept. 10 to discuss medical device cybersecurity, with a particular focus on how regulators and industry can best inform the public of risks.

Philips proactively reported the vulnerability to the National Cybersecurity and Communications Integration Center. The company said in a statement the issue "does not impact patient safety, patient data integrity or confidentiality or system operations," and it isn't aware of reports of utility or safety of the product being affected.

The ICS-CERT advisory was the second medtech alert of the week. A more serious warning Tuesday highlighted two hospital anesthesia machines: GE's Aestiva and Aespire devices. A cybersecurity firm discovered a medium severity vulnerability in which a hacker could remotely silence alarms, alter time and date records or change composition of aspirated gases.

NCCIC says it's a good idea for users of the Philips software disable unnecessary accounts and services.

"Philips recommends users implement role-based access controls to control physical access to the system," the advisory said. "Further controls are provided by the multiple components required to exploit the vulnerability."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Survey Shows Growing Dependence on Contracts Among Medical Device Companies, Even as Contract …
From AcuityMD
October 21, 2024
Echosens Launches its Liver Health Management (LHM) Platform Globally, Streamlining Liver Care
From Echosens
November 04, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Innoventric Secures $28.5M and Unveils Groundbreaking Tricuspid Regurgitation Treatment to Hel…
From Innoventric
October 29, 2024
Editors' picks
Latest in Medical Devices
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell